Android Permission System Violation: Case Study and Refinement

Kyoung Soo Han (Department of Computer and Software, Hanyang University, Seoul, South Korea), Yeoreum Lee (Department of Computer and Software, Hanyang University, Seoul, South Korea), Biao Jiang (Microsoft (China), Co., Ltd., Shanghai, China) and Eul Gyu Im (Division of Computer Science and Engineering, Hanyang University, Seoul, South Korea)
Copyright: © 2013 | Pages: 12
DOI: 10.4018/jeei.2013010102

Abstract

Android uses permissions for application security management. Android also allows inter-application communication (IAC), which enables different applications to cooperate on complex tasks by using some components and Intents. In other words, Android provides more flexibility and places fewer restrictions on application development. This is a major feature that differentiates Android from its competitors. However, IAC also makes it easier for malicious applications to collude in privilege escalation attacks. In this paper, the authors demonstrate with case studies that all IAC channels can potentially be utilized for privilege escalation attacks, and the authors propose a refinement to solve this problem by enforcing IAC permissions and exposing IAC to users.
Article Preview

The Importance Of Security For E-Business And E-Entrepreneur

Globally, smartphone markets are growing every year, and diverse smartphone models, operating systems, and applications are being developed. Smartphones are small in size yet have such high computing capacity that they are regarded as portable computers, and users can customize their devices for diverse purposes through various applications.

Various companies develop applications and sell them in application markets such as Play Store (Google) and App Store (Apple), and revenue can also be generated by loading advertisements into individual applications. The current trend in e-business and e-entrepreneur is a move to mobile devices.

However, applications containing malicious code are not the only things being distributed illegally; sensitive information such as personal information and payment information is also being leaked. The damage is increasing along with the growth in smartphone use. Therefore, security for smartphones is becoming an issue.

Android aspires to a more open environment than other operating systems in order to allow more convenient communication among applications. As a result, many related vulnerabilities exist. In particular, the permission system is likely to be misused.

The purpose of the present paper is to analyze attack models that may occur in the Android permission system to explore vulnerabilities and offer suggestions for improving the situation.
